itlawwikiaorg-20200214-history
Reasonable expectation of privacy
Overview Under current law, to establish a reasonable expectation of privacy a person must establish two things: that the individual had a subjective expectation of privacy; and that that subjective expectation of privacy is one that society is prepared to recognize as reasonable.See, e.g., Katz v. United States, 389 U.S. 347, 361 (1967) (full-text) (Harlan, J., concurring); California v. Ciraolo, 476 U.S. 207, 214 (1986) (full-text) (stating that "Justice Harlan made it crystal clear that he was resting on the reality that one who enters a telephone booth is entitled to assume that his conversation is not being intercepted"); Smith v. Maryland, 442 U.S. 735, 740 (1979) (full-text) (stating that the Harlan test "embraces two discrete questions"). If either element is missing, no protected interest is established. To support this privacy analysis, the Supreme Court has created a hierarchy of privacy interests: :First, expectations of privacy that "society is 'prepared to recognize as legitimate' have, at least in theory, the greatest protection.New Jersey v. T.L.O., 469 U.S. 325, 338 (1985) (full-text) (quoting Hudson v. Palmer, 468 U.S. 517, 526 (1984)). :Second, diminished expectations of privacy are more easily invaded.See id. at 342 n.8 (discussing the individual suspicion requirement when privacy interests are minimal); accord Skinner v. Railway Labor Executives' Ass'n, 489 U.S. 602, 624-25 (1989). :Third, subjective expectations of privacy that society is not prepared to recognize as legitimate have no protection.See, e.g., Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978); United States v. Caymen, 404 F.3d 1196, 1200-01 (9th Cir. 2005) (no reasonable expectation of privacy in the contents of computers the person has stolen or obtained by fraud). No bright line rule indicates whether an expectation of privacy is constitutionally reasonable.See O’Connor v. Ortega, 480 U.S. 709, 715 (1987). For example, the Supreme Court has held that a person has a reasonable expectation of privacy in property located inside a person’s home,See Payton v. New York, 445 U.S. 573, 589-90 (1980); in “the relative heat of various rooms in the home” revealed through the use of a thermal imager, see Kyllo v. United States, 533 U.S. 27, 34-35 (2001). in conversations taking place in an enclosed phone booth,See Katz, 389 U.S. at 352. and in the contents of opaque containers.See United States v. Ross, 456 U.S. 798, 822-23 (1982). In contrast, a person does not have a reasonable expectation of privacy in activities conducted in open fields,See Oliver v. United States, 466 U.S. 170, 177 (1984). in garbage deposited at the outskirts of real property,See California v. Greenwood, 486 U.S. 35, 40-41 (1988). or in a stranger’s house that the person has entered without the owner’s consent in order to commit a theft.See Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978). "Reasonable expectations of privacy arise from 'a source outside of the 4th Amendment, either by reference to concepts of real or personal property law or to understandings that are recognized and permitted by society.'"United States v. Jones, 132 S.Ct. 945 (2012). Impact of technology on the expectation of privacy Electronic surveillance is dramatically shrinking the locations and activities in which one has a recognized expectation of privacy. Techniques that derive information from an individual's body fluids, body structure, mental habits, voice timbre, eye motions, temperature change, and scores of other non-controllable attributes generate knowledge about past behavior, allow monitoring and measurement of present activities, and may make possible predictions about future performance. We can electronically monitor criminals, or persons awaiting trial, in their homes. We can call up information about one person from a multitude of government or commercial databases, compare and integrate it and, in effect, reveal new information about that person without their knowledge. While information has immense benefits and capabilities to improve our lives both individually and as a Nation, it also has dangers. Information about a person is potentially a means of influencing and controlling that person. Information challenges traditional sources of authority and institutions built on that authority. Experience, training, and education may be rendered useless by new information. Information can also erode responsibility: what was once considered a sin to be condemned or a crime to be punished may, with fuller knowledge, appear to some as an illness to be treated or a genetic defect to be repaired. This perception can lead to imposingly difficult questions about the limits on social engineering in the context of constitutional values of personal freedom and privacy. It is for these reasons that information, and the electronic, chemical, biological, and social technologies that generate and give access to it, often affect constitutional relationships that we are accustomed to think of as political, economic, or legal in nature. constitutional relationships deal with power, with limitations on power, and with the balance between them. Directly or indirectly, information often generates that power, informs its limitations, or affects their proper balance. Online communications Computer users lack a legitimate expectation of privacy in information regarding the to/from addresses for e-mails, the IP addresses of websites visited, the total traffic volume of the user, and other addressing and routing information conveyed for the purpose of transmitting Internet communications to or from a user.See Quon v. Arch Wireless Operating Co., 529 F.3d 892, 904-05 (9th Cir. 2008), rev'd on other grounds and remanded, City of Ontario, Cal. v. Quon, 560 U.S. 746 (2010); United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008); see also Smith v. Maryland, 442 U.S. 735, 743-44 (1979) (no legitimate expectation of privacy in dialing, routing, addressing, and signaling information transmitted to telephone companies). E-mail addresses and IP addresses provide addressing and routing information to an Internet service provider (ISP) in the same manner as a telephone number provides switching information to a telephone company.Forrester, 512 F.3d at 510. Just as a telephone user has no objectively reasonable expectation of privacy in telephone numbers voluntarily turned over to the phone company to enable switching of a phone call, an Internet user has no such expectation of privacy in routing information submitted to an ISP in order to deliver an Internet communication.Id. That routing information also is akin to the addressing information written on the outside of a first-class letter, which also is not constitutionally protected.Id. at 511 ("E-mail, like physical mail, has an outside address 'visible' to the third-party carriers that transmit it to its intended location."). With respect to information regarding the total volume of data received and transmitted by an Internet user, that information is no different from the information produced by a pen register regarding the number of incoming and outgoing calls at a particular phone number; and the Supreme Court has long held that an individual has no legitimate expectation of privacy in such information, which already has been exposed to a telecommunications carrier for the purpose of routing a communication.Id. With respect to the content of an Internet communication (such as an e-mail), a computer user generally has a legitimate expectation of privacy in that content while it is in transmission over the Internet. To date, the federal courts appear to agree that the sender of an e-mail, like the sender of a letter via first-class mail, has an objectively reasonable expectation of privacy in the content of a message while it is in transmission.See, e.g., People v. Lifshitz, 369 F.3d 173, 190 (2d Cir. 2004) (analogizing expectation of e-mail user in privacy of e-mail to expectation of individuals communicating by regular mail); United States v. Maxwell, 45 M.J. 406, 418 (U.S. Armed Forces Ct. App. 1996) (sender of an e-mail generally “enjoys a reasonable expectation that police officials will not intercept the transmission without probable cause and a search warrant”); see also Quon, 529 F.3d at 905 (“Users do have a reasonable expectation of privacy in the content of their text messages vis-à-vis the service provider.”). In United States v. Maxwell,''45 M.J. 406 (U.S. Armed Forces Ct. App. 1996). the court addressed e-mail privacy: Federal courts agree that, again like the sender of a first-class letter, an individual has a "diminished" expectation of privacy in the content of an e-mail that "has already arrived at the recipient."Lifshitz, 369 F.3d at 190 (internal citations omitted); see Guest v. Leis, 225 F.3d 325, 333 (6th Cir. 2001) (individual does not have a reasonable expectation of privacy "in an e-mail that had already reached its recipient; at this moment, the e-mailer would be analogous to a letter-writer, whose expectation of privacy ordinarily terminates upon delivery of the letter"); Maxwell, 45 M.J. at 417 (once an e-mail, like a letter, "is received and opened, the destiny of the e-mail then lies in the control of the recipient . . . , not the sender"); United States v. Jones, 149 Fed. Appx. 954, 959 (11th Cir. 2005) (unpublished) ("We have not addressed previously the existence of a legitimate expectation of privacy in text messages or e-mails. Those circuits that have addressed the question have compared e-mails with letters sent by postal mail. Although letters are protected by the Fourth Amendment, 'if a letter is sent to another, the sender's expectation of privacy ordinarily terminates upon delivery.'") (quoting United States v. King, 55 F.3d 1193, 1195-96 (6th Cir. 1995)). Government employees The U.S. Supreme Court has rejected the contention that public employees "can never have a reasonable expectation of privacy in their place of work."O'Connor v. Ortega, 480 U.S. 709, 717 (1987) (plurality); id. at 729-31 (Scalia, J., concurring). "Individuals do not lose Fourth Amendment rights merely because they work for the government instead of a private employer."Id. at 717 (plurality). Nevertheless, there are reasons to doubt that a government employee has a legitimate expectation of privacy in the content of his Internet communications made using government-owned information systems. Although an individual generally possesses a legitimate expectation of privacy in his own personal computer,e.g., United States v. Heckenkamp, 482 F.3d 1142, 1146 (9th Cir. 2007); People v. Lifshitz, 369 F.3d at 190. it is less clear that a government employee has a legitimate expectation of privacy in Internet communications he makes using a computer that is the property of the U.S. Government, provided by the taxpayers for his use at work.Cf. Muick v. Glenayre Elecs., 280 F.3d 741, 743 (7th Cir. 2002) (Posner, J.) (employee "had no right of privacy in the computer that private employer had lent him for use in the workplace"); but cf. United States v. Slanina, 283 F.3d 670, 677 (5th Cir. 2002) (employee had reasonable expectation of privacy in use of city-owned computer where there was no "city policy placing Slanina on notice that his computer usage would be monitored" and there was no "indication that other employees had routine access to his computer"), vacated on other grounds, 537 U.S. 802 (2002). A government employee lacks an ownership or other property interest in the computer he uses at work; and he especially lacks any such interests in the network infrastructure that the Government provides to enable its employees to access the Internet, which, unlike his personal computer, ordinarily is not within his day-to-day control. As a general matter, however, the Supreme Court has held that there may be circumstances in which a government employee has a legitimate expectation of privacy in the contents of governmental property that the employee uses or controls at work, such as an office or a locked desk drawer.See O’Connor, 480 U.S. at 716-19 (1987) (plurality) (public employee has a reasonable expectation of privacy in personal items, papers, and effects in office, desk, and file cabinets provided by public employer); see id. at 730-31 (Scalia, J., concurring) (government employee has a legitimate expectation of privacy in the contents of his office). And the Court also has made it clear that property interests are not conclusive regarding the legitimacy of an individual's expectation of privacy.See Oliver v. United States, 466 U.S. 170, 183 (1984) ("The existence of a property right is but one element in determining whether expectations of privacy are legitimate."); Warden v. Hayden, 387 U.S. 294, 304 (1967) ("The premise that property interests control the right of the Government to search and seize has been discredited."); see also Legality of Television Surveillance in Government Offices, 3 Op. O.L.C. 64, 66-67 (1979) (government ownership of office insufficient to establish employee’s lack of expectation of privacy where "in a practical sense" the employee exercises exclusive use of the office) ("Television Surveillance Opinion"); but cf. United States v. Ziegler, 474 F.3d 1184, 1191 (9th Cir. 2007) (private employee's "workplace computer . . . is quite different from the" property described in O’Connor, because the computer was owned by the company, was controlled jointly by the company and the employee, and was monitored to ensure that employees did not visit pornographic or other inappropriate Web sites). Instead, whether, in a particular circumstance, a government employee has a legitimate expectation of privacy in his use of governmental property at work is determined by "the operational realities of the workplace" and "by virtue of actual office practices and procedures, or by legitimate regulation."O’Connor, 480 U.S. at 717 (plurality); see United States v. Simons, 206 F.3d 392, 398 (4th Cir. 2000) ("Office practices, procedures, or regulations may reduce legitimate privacy expectations."). Use of log-on banners and computer-user agreements Although the U.S. Supreme Court has not addressed the issue, the federal courts of appeals have held that the use of log-on banners or computer-user agreements, can eliminate any legitimate expectation of privacy in the content of Internet communications on an employer's computer system. For example, in United States v. Simons,''206 F.3d 392 (4th Cir. 2000). the computer-use policy at the Foreign Bureau of Information Services ("FBIS"), a division of the Central Intelligence Agency, expressly noted that FBIS would "audit, inspect, and/or monitor" employees' use of the Internet, "including all file transfers, all websites visited, and all e-mail messages, 'as deemed appropriate.'"206 F.3d at 398 (quoting policy). The Fourth Circuit held that this policy "placed employees on notice that they could not reasonably expect that their Internet activity would be private" and that, "in light of the Internet policy, Simons lacked a legitimate expectation of privacy" in his use of the Internet at work.''Id. Likewise, in United States v. Angevine,''281 F.3d 1130 (10th Cir. 2002). the Tenth Circuit held that a professor at a state university had no reasonable expectation of privacy in his Internet use in light of a broadly worded computer-use policy and log-on banner. The computer-use policy stated that the university "reserves the right to view or scan any file or software stored on the computer or passing through the network, and will do so periodically" and has "a right of access to the contents of stored computing information at any time for any purpose which it has a legitimate need to know."''Id. at 1133 (quoting policy). The log-on banner provided that "all electronic mail messages . . . contain no right of privacy or confidentiality except where Oklahoma or Federal statutes expressly provide for such status," and that the university may "inspect electronic mail usage by any person at any time without prior notice as deemed necessary to protect business-related concerns . . . to the full extent not expressly prohibited by applicable statutes."Id. (quoting banner). The court held that these notices prevent university employees "from reasonably expecting privacy in data downloaded from the Internet onto university computers," because users are warned that data "is not confidential either in transit or in storage" and that "network administrators and others were free to view data downloaded from the Internet."Id. at 1134. The Eighth Circuit came to the same conclusion in United States v. Thorn.''375 F.3d 679 (8th Cir. 2004), ''vacated on other grounds, 543 U.S. 1112 (2005). Thorn, a state employee had acknowledged in writing a computer-use policy, which warned that employees "do not have any personal privacy rights regarding their use of agency's information systems and technology. An employee’s use of agency’s information systems and technology indicates that the employee understands and consents to agency’s right to inspect and audit all such use as described in this policy."Id. at 682 (quoting policy). As a result of this policy, the court held that the state employee "did not have any legitimate expectation of privacy with respect to the use and contents of his work computer," because under the agency's policy, employees have "no personal right of privacy with respect to their use of the agency's computers" and provides the state with a "right to access all of the agency's computers."Id. at 683. The decisions of other federal courts that have addressed the issue support the proposition that actual and consistent use of log-on banners or computer-user agreements can eliminate any legitimate expectation of privacy of an employee with respect to his Internet communications using a government-owned information systems.See Biby v. Board of Regents, 419 F.3d 845, 850-51 (8th Cir. 2005) (university computer policy warning user "not to expect privacy if the university has a legitimate reason to conduct a search" and that "computer files, including e-mail, can be searched" under certain conditions eliminates any reasonable expectation of privacy the use of the computer network); Muick v. Glenayre Elecs., 280 F.3d 741, 743 (7th Cir. 2002) (employer's announced policy of inspecting work computers "destroyed any reasonable expectation of privacy"); United States v. Monroe, 52 M.J. 326, 330 (C.A.A.F. 1999) (no reasonable expectation of privacy that network administrators would not review e-mail where banner stated that "users logging on to this system consent to monitoring"); see also United States. v. Heckenkamp, 482 F.3d 1142, 1147 (9th Cir. 2007) ("Privacy expectations may be reduced if the user is advised that information transmitted through the network is not confidential and that the systems administrators may monitor communications transmitted by the user.") (citing Angevine, 281 F.3d at 1134, and Simons, 206 F.3d at 398); cf. Slanina, 283 F.3d at 677 ("Given the absence of a city policy placing Slanina on notice that his computer usage would be monitored and the lack of any indication that other employees had routine access to his computer, we hold that Slanina's expectation of privacy was reasonable."); Leventhal v. Knapek, 266 F.3d 64, 73-74 (2d Cir. 2001) (public employee had reasonable expectation of privacy in the contents of his office computer because his employer neither "had a general practice of routinely conducting searches of office computers" nor "had placed him on notice that he should have no expectation of privacy in the contents of his office computer"). References Category:Privacy